Story image

Apple reportedly taking steps to crack down on iPhone unlockers

15 Jun 2018

Apple is reportedly taking a stand against those who use phone unlockers to access data on iPhones.

A report from Reuters this week claims that Apple vows to protect all customers and their devices by changing default iPhone settings to stop USB port communication when the device has been unlocked within the last 60 minutes.

The smaller time window could potentially cut access by as much as 90%, Reuters says.

The change has reportedly been documented in beta versions of iOS 11.4.1 and iOS 12, and Apple says it will eventually be rolled out in a general release.

The move to stop device unlockers comes after pressure from US authorities including the United States FBI to allow full access to the devices.

In 2015 Apple refused to help the FBI unlock an iPhone after a US shooting. The FBI recruited digital forensics company Cellebrite to unlock the device for them, however the conflict and ethics between data privacy and data access has been ongoing.

Hackers and commercial organisations have also seen the potential in iPhone unlockers. Earlier this year researchers from Malwarebytes Labs discovered a US-based firm called GrayShift that produced iPhone unlocking devices, dubbed GrayKey. 

The GrayKey devices, which can sell for up to US$30,000, are essentially boxes that connect two iPhones.  

“An iPhone typically contains all manner of sensitive information: account credentials, names and phone numbers, email messages, text messages, banking account information, even credit card numbers or social security numbers. All of this information, even the most seemingly innocuous, has value on the black market, and can be used to steal your identity, access your online accounts, and steal your money,” explains Malwarebytes researcher Thomas Reed in a blog post from March 2018.

After two minutes the devices disconnect. Within a matter of hours or days, the phones will then display a screen with the passcode and other device information.

Reed warned that such devices would be useful to law enforcement, which in theory could seize innocent people’s devices, access them and search them without consent. In those cases, authorities could be liable for that data’s security, Reed warns.

The unlockers could also be goldmines to criminals wanting to sell them on the black market. The potential for data theft, harvesting and resale is a possible outcome.

“A jailbreak involves using a vulnerability to unlock a phone, giving access to the system that is not normally allowed. What happens to the device once it is released back to its owner? Is it still jailbroken in a non-obvious way? Is it open to remote access that would not normally be possible? Will it be damaged to the point that it really can’t be used as intended anymore, and will need to be replaced? It’s unknown, but any of these are possibilities,” Reed ponders.

“It’s highly likely that these devices will ultimately end up in the hands of agents of an oppressive regime, whether directly from GrayShift or indirectly through the black market,” Reed concludes.

We have contacted an Apple spokesperson for comment.

Microsoft Teams’ eight new and upcoming features
After taking Best in Show at Enterprise Connect, Microsoft Teams will be seeing eight new capabilities over 2019.
IDC: NZ's PC market surprise growth will not last
Despite the growth witnessed at the end of 2018, IDC predicts that New Zealand’s traditional PC market in 2019 will decline by -4.4% YoY.
OutSystems and Boncode team up for better code analysis
The Boncode and OutSystems alliance aims to help organisations to build fast and feel comfortable that the work they're delivering is at peak quality levels.
Vector penalised $3.5 million for excessive levels of power outages
''Given the impact electricity outages have on consumers and businesses it is crucial that lines companies have systems in place to identify and manage the risks present in their networks."
Digital spending to hit US$1.2 trillion by 2022
A recent study by Zinnov shows that IoT spend reached US$201 billion in 2018 while outsourcing service providers generated $40 billion in revenue.
Microsoft offers Government free digital skills training
Upwards of 60 workshops will be offered, aimed at giving staff a vital grounding in cloud technologies, artificial intelligence and other skills.
Google certifies Panasonic rugged devices for enterprise
The Toughbook T1 and N1 handhelds meet all requirements for Google’s rugged Android certification.
SIS announces a partnership with Platform 4
“We are looking forward to a strong future in the New Zealand security industry with this global giant as our strategic partner."